From mboxrd@z Thu Jan  1 00:00:00 1970
From: Claude Code Review Bot <claude-review@example.com>
To: dri-devel-reviews@example.com
Subject: Claude review: drm/bridge: it6505: fix use-after-free in it6505_parse_dt()
Date: Sun, 12 Apr 2026 11:30:02 +1000
Message-ID: <review-overall-20260409084817.470401-1-vulab@iscas.ac.cn>
In-Reply-To: <20260409084817.470401-1-vulab@iscas.ac.cn>
References: <20260409084817.470401-1-vulab@iscas.ac.cn>
X-Mailer: Claude Code Patch Reviewer
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Overall Series Review

Subject: drm/bridge: it6505: fix use-after-free in it6505_parse_dt()
Author: Wentao Liang <vulab@iscas.ac.cn>
Patches: 1
Reviewed: 2026-04-12T11:30:02.603337

---

This is a single patch claiming to fix a use-after-free in `it6505_parse_dt=
()`. The identified bug is real =E2=80=94 the original code calls `of_node_=
put(ep)` before `ep` is subsequently passed to `of_property_read_variable_u=
64_array()`, which is a use-after-free if the refcount drops to zero. Howev=
er, the patch has two issues: (1) it adds a spurious `of_node_put(ep)` in t=
he `else` branch where `ep` is guaranteed to be NULL, and (2) it fails to f=
ix the **exact same bug** present earlier in the same function for the firs=
t `of_graph_get_endpoint_by_regs()` call.

**Verdict: Needs revision.** The core fix is correct for the second endpoin=
t lookup, but the patch is incomplete =E2=80=94 the same use-after-free pat=
tern exists a few lines above and is left unfixed.

---

---
Generated by Claude Code Patch Reviewer